Monday, July 22, 2013
If it quacks like a duck... Why delay notification? Particularly to a crowd this important.
Apple Took Three Days to Tell Developers About a Site Hack
For three days now, anyone trying to access Apple's members-only developer page has been greeted with the following message:
This site is undergoing maintenance for an extended period today.
Thanks for your patience.
And on Sunday, the company finally explained why: Their developer site was the target of a hack that may have compromised the security of some development site users' names, email addresses, and mailing addresses. And while the company says that any sensitive information taken is safely encrypted, some developers with accounts at the site have reported unauthorized, and repeated, password reset requests.
(Related) Or, were they just overreacting?
Researcher: Apple developer site hack? I meant no harm
… In a lengthy comment to a TechCrunch story posted on Sunday, Balic identified himself as a security researcher who consults for different firms and has started doing research on Apple. In his investigation, he said he found 13 bugs on the Developer site, which he reported to Apple through its bug-reporting site.
One of the bugs apparently provided him with access to user data, which he said he immediately reported to Apple. Four hours after he filed his report, he said, the Developer Center shut down. Balic has since attempted to e-mail Apple but has yet to receive a response, he said.
It could have been worse: Ubuntu is free, so no credit cards.
Dan Goodin reports that e-mail addresses, user names, and password data for every registered user of the Ubuntu Forums—estimated to be 1.82 million accounts—were exposed in a security breach. Read more on Ars Technica.
Procedure fail. This just keeps happening. Does no one look for “Best Practices?”
Sean Sposito reports:
In a case that could serve as a warning to other banks that contribute customer data to public storehouses, Citigroup this week acknowledged that it failed to safeguard the personal information — Social Security numbers, birth dates and other sensitive data — of nearly 150,000 consumers who went into bankruptcy between 2007 and 2011.
Read more on American Banker.
What happens if everyone says, “Yes?” “Porn Filters” have blocked legitimate (e.g. Medical) sites before.
Cameron cracks down on 'corroding influence' of online pornography
Every household in Britain connected to the internet will be obliged to declare whether they want to maintain access to online pornography, David Cameron will announce on Monday.
In the most dramatic step by the government to crack down on the "corroding" influence of pornography on childhood, the prime minister will say that all internet users will be contacted by their service providers and given an "unavoidable choice" on whether to use filters.
… The prime minister's speech is designed to answer critics who accuse him of talking tough but failing to take action.
For my Computer Security students
2013 State of Cybercrime Survey from PwC and CSO
“PwC US and CSO magazine today released the 2013 State of Cybercrime Survey, which reveals that while cybercrime threats are on the rise, current attempts to counter them remain largely unsuccessful. According to the report, organizations have made little progress in developing ways to defend themselves against both internal and external cyber opponents. Over 500 U.S. executives, security experts, and others from the private and public sectors were surveyed on their views on the state of cybercrime. The survey is a collaborative effort with PwC, CSO magazine, the U.S. Secret Service, the Software Engineering Institute CERT® Program at Carnegie Mellon University, and the FBI.”
Could I have my lawyers look for me?
… Where traditional job screenings involve criminal background checks and credit inspections, verification for corporate-worthiness now includes social-media sleuthing. Recruiters Google candidates’ names, peruse Facebook, and sieve the Twitter stream. The HR cliché is true enough: They’d be dumb not to search you. According to a representative of the US Equal Employment Opportunity Commission, 75 percent of recruiters are obliged by their companies to conduct web searches on prospects, and 70 percent of recruiters have jettisoned candidates for information found online. The hiccup, though, is the legally protected information to which recruiters might inadvertently be exposed.
Non-discrimination laws prohibit employers from asking job applicants certain questions. They’re not supposed to ask about things like age, race, gender, disability, marital, and veteran status. (As you can imagine, sometimes a picture alone can reveal this privileged information. These safeguards against discrimination urge employers to simply not use this knowledge to make hiring decisions.)
“I have nothing to hide, but I hide stuff anyway?”
Privacy Protests: Surveillance Evasion and Fourth Amendment Suspicion
“Privacy Protests: Surveillance Evasion and Fourth Amendment Suspicion, Elizabeth E. Joh, U.C. Davis School of Law – Arizona Law Review, Vol. 55, No. 4, (2013), Forthcoming”
“The police tend to think that those who evade surveillance are criminals. Yet the evasion may only be a protest against the surveillance itself. Faced with the growing surveillance capacities of the government, some people object. They buy “burners” (prepaid phones) or “freedom phones” from Asia that have had all tracking devices removed, or they hide their smartphones in ad hoc Faraday cages that block their signals. They use to surf the internet. They identify tracking devices with GPS detectors. They avoid credit cards and choose cash, prepaid debit cards, or bitcoins. They burn their garbage. At the extreme end, some “live off the grid” and cut off all contact with the modern world. These are all examples of what I call privacy protests: actions individuals take to block or to thwart government surveillance for reasons that are unrelated to criminal wrongdoing. Those engaged in privacy protests do so primarily because they object to the presence of perceived or potential government surveillance in their lives. How do we tell the difference between privacy protests and criminal evasions, and why does it matter? Surprisingly scant attention has been given to these questions, in part because Fourth Amendment law makes little distinction between ordinary criminal evasions and privacy protests. This article discusses the importance of these ordinary acts of resistance, their place in constitutional criminal procedure, and their potential social value in the struggle over the meaning of privacy.”
So who plays Edward R. Murrow?
Big Data, Little Privacy: Tracking the Usual Suspects
In his article, Ken Strutin examines how the 21st century use of watch lists might or might not resemble the labeling of the McCarthy period, and how the experience of that era might inform an evaluation of present-day designation of the dangerous. After first describing the two labeling mechanisms, it compares them along several axes, finding that watch listing has both repeated some 1950s failings and moved on to develop some new ones of its own. In particular, because they are compiled and used in an opaque and completely one-sided process, watch lists run a substantial risk of incorrectly including many people who pose no threat.
This is a game changer... Would subscribers leave Time Warner Cable if they realized what they could get for free?
Aereo could benefit from CBS-Time Warner Cable dispute
Streaming startup Aereo could be the big winner in high-stakes contract negotiations between CBS and Time Warner that have recently become very contentious.
CBS Corp., which is the parent company of CNET, has been negotiating a new carriage pact with Time Warner for its flagship network under an extension to their previous agreement that expired June 30. In a sign that talks are taking on a sour tone, CBS started running ads in New York, Los Angeles, and Dallas on Thursday saying Time Warner Cable customers could lose access to its shows on Wednesday, which is when that extension expires.
If CBS pulls its programming, Time Warner Cable is prepared to recommend that its New York subscribers use Aereo to access local programming, a spokesperson for the cable giant told The New York Times on Sunday. Aereo, which streams over-the-air broadcasts on the Internet, is already operating in New York and is planning a launch in Dallas this year.